Using Repeater to test for XSS
Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests and analyzing the application's responses alongside each request.
Here we use the Mutillidae reflected XSS exercise:
- First, intercept the request for the page.
- Send it to Repeater from the intercept mode.
- Go to Repeater and, in the request, change the target_host value to:
<script>alert(1)</script>
- Click Go and look at the response: the XSS payload has been accepted into the returned HTML. You can see this in the Raw tab of the response.
- To confirm the XSS, open this response in the browser: choose Request in Browser from the context menu, copy the link from the dialog box, and paste it into the browser.
- You will see the XSS popup when the page loads.
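The check made by eye in the Raw tab can also be scripted, which is useful for re-testing after output encoding is added. The following is an added example, not part of the original page; the names `classify_reflection`, `ScriptCollector` and `SAMPLES` are assumptions, and the sample responses are constructed rather than captured from Mutillidae.

```python
import html
from html.parser import HTMLParser

PROBE = "<script>alert(1)</script>"   # value the page puts in target_host
PROBE_JS = "alert(1)"                 # text inside the probe's script element

class ScriptCollector(HTMLParser):
    """Records the text of each <script> element the HTML parser recognises."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def classify_reflection(body, probe=PROBE, probe_js=PROBE_JS):
    """Classify how `probe` comes back in an HTML response body."""
    collector = ScriptCollector()
    collector.feed(body)
    collector.close()
    if any(s.strip() == probe_js for s in collector.scripts):
        return "script"    # parsed as a script element: output is not encoded
    if probe in body:
        return "raw"       # unencoded, but not parsed as script here (e.g. in a comment)
    if probe in html.unescape(body):
        return "encoded"   # entity-encoded: rendered as text, not markup
    return "absent"

# Constructed sample responses (not captured from Mutillidae).
SAMPLES = {
    "unencoded": "<html><body><pre>Results for <script>alert(1)</script></pre></body></html>",
    "escaped": "<html><body><pre>Results for " + html.escape(PROBE) + "</pre></body></html>",
    "commented": "<html><body><!-- <script>alert(1)</script> --></body></html>",
    "filtered": "<html><body><pre>Results for </pre></body></html>",
}

for name, body in SAMPLES.items():
    print(f"{name}: {classify_reflection(body)}")
```

A result of "script" or "raw" means the value reached the page without output encoding; "encoded" is what a fixed page should return for the same request.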